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The MAILING DATE of this communication appears on the cover sheet with the correspondence address — 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)S Responsive to communication(s) filed on 24 May 2001 . 
2a)D This action is FINAL. 2b)M This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) 13 Claim(s) 7-30 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) S Claim(s) 1-30 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.Q Certified copies of the priority documents have been received in Application No. . 



3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attach ment(s) 

1 ) S Notice of References Cited (PTO-892) 

2) LZI Notice of DraftspersorVs Patent Drawing Review (PTO-948) 

3) S Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 

Paper No(s)/Mail Date ±5. 



4) LZl Interview Summary (PTO-413) 

Paper No(s)/Mail Date. . 

5) CH Notice of Informal Patent Application (PTO-1 52) 

6) □ Other: . 



U.S. Patent and Trademark Office 

PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper NoVMail Date 6 





Application/Control Number: 09/864,392 
Ar£ Unit: 3621 



Page 2 



DETAILED ACTION 



Claims 1-30 are presented for examination on the merits. 



Claim Rejections - 35 USC § 102 



The following is a quotation of the appropriate paragraphs of 35 U.S. C 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

Claims 1-30 are rejected under 35 U.S.C. 102(b) as being anticipated by Bapat et al. 
(hereinafter Bapat), U.S. Patent 6,038,563. 

As per the following claims, Bapat discloses: 
1 . A method for controlling access rights of a requesting principal to a protected resource in a 
computer system, wherein a principal is associated with at least one role, the method comprising: 



• associating a role filter with a role (column 10); 

• associating a set of one or more capabilities with the role (column 10; 

• associating a capability filter with a capability in the set of one or more 
capabilities (column 10); and 

• authorizing access for the requesting principal to the protected resource based on 
an association between the requesting principal and the role and based on an 
association between the protected resource and a capability of the role (columns 



11-12). 
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2. The method of claim 1 further comprising: evaluating the role filter to determine a set of one 
or more principals to be associated with the role; and evaluating the capability filter to determine 
a set of one or more resources to be associated with the capability (column 27, lines 36-44). 

3. The method of claim 1 further comprising: associating a resource type with each capability in 
the set of one or more capabilities, wherein each capability defines access to at least one resource 
of the resource type (columns 11-12). 

4. The method of claim 1 further comprising: associating a set of one or more access conditions 
with each capability in the set of one or more capabilities, wherein each access condition defines 
an access constraint against authorizing access for the requesting principal to the protected 
resource (column 10, lines 15-47). 

5. The method of claim 4 further comprising: associating a set of one or more rights with each 
access condition in the set of one or more access conditions, wherein each right defines an access 
type for authorized access for the requesting principal to the protected resource (columns 16-18). 

6. The method of claim 1 further comprising: associating a filter Roles list with the requesting 
principal, wherein the filter Roles list is a multivalued attribute containing a set of one or more 
roles; associating a filter Members list with the role, wherein the filter Members list is a 
multivalued attribute containing a set of one or more principals; adding the role to the filter Roles 
list associated with the requesting principal if the requesting principal is added to the filter 
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Members list associated with the role; and adding the requesting principal to the filter Members 
list associated with the role if the role is added to the filter Role list associated with the 
requesting principal (figure 9 and associated text). 

7. The method of claim 1 further comprising: associating a filter Capabilities list with a resource, 
wherein the filter Capabilities list is a multivalued attribute containing a set of one or more 
capabilities; associating a filter Targets list with a capability, wherein the filter Targets list is a 
multivalued attribute containing a set of one or more resources; adding the capability to the filter 
Capabilities list associated with the resource if the resource is added to the filter Targets list 
associated with the capability; and adding the resource to the filter Targets list associated with 
the capability if the capability is added to the filter Capabilities list associated with the resource 
(figure 5 and associated text). 

8. The method of claim 1 further comprising: receiving notification of an update to an instance, 
wherein the instance has a type selecting from the group of principal", "resource", "capability", 
or "role"; determining the type of the instance; searching for capabilities with a resource type that 
matches the type of the instance; and running capability filters of matched capabilities against the 
instance (columns 24-25). 

9. The method of claim 8 further comprising: in response to a determination that the type of the 
instance is "principal", running all role filters against the instance (column 7, lines 18-31). 
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10. The method of claim 9 further comprising: in response to a determination that the type of the 
instance is "role" or "capability", determining whether a filter of the instance has been updated; 
and in response to a determination that the filter of the instance has been updated, running the 
filter of the instance in accordance with the type of the instance (columns 8-9). 

Claims 1 1-30 are directed to an apparatus and computer program product of the method as 
claimed above and are rejected as above. 

Examiner has pointed out particular references contained in the prior arts of record in 
the body of this action for the convenience of the applicant Although the specified citations 
are representative of the teachings in the art and are applied to the specific limitations within 
the individual claim, other passages and figures may apply as well It is respectfully requested 
from the applicant, in preparing the response, to consider fully the entire references as 
potentially teaching all or part of the claimed invention, as well as the context of the passage 
as taught by the prior arts or disclosed by the examiner. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

■ Patent Nos. 5,899,991 and 6,442,537 Bl to Karch. 

■ Patent No. 6,539,021 Bl to Kennelly et al. 

■ U.S. Patent Application Publication 2002/0169956 Al to Robb et al. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Bradley Bayat whose telephone number is 703-305-8548. The 
examiner can normally be reached on Tuesday- Friday during normal business hours. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James Trammell can be reached on 703-305-9768. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

bbb 

February 10, 2004 




